Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement General IPSec Configurations for IPSec Networks
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01

DETAILED STEPS

Step 1
Command or Action:
configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose:
Enters global configuration mode.

Step 2
Command or Action:
crypto ipsec transform-set name
transform-set submode transform protocol
transform-set submode mode {transport | tunnel}
Example:
RP/0/RP0/CPU0:router(config)# crypto ipsec transform-set new
RP/0/RP0/CPU0:router(config-transform-set new)# transform esp-sha-hmac
Purpose:
Defines a transform set.
• Complex rules define which entries you can use for the transform arguments. These rules are explained in the command description for the crypto ipsec transform-set command.

Step 3
Command or Action:
end
or
commit
Example:
RP/0/RP0/CPU0:router(config-transform-set new)# end
or
RP/0/RP0/CPU0:router(config-transform-set new)# commit
Purpose:
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Crypto Profiles
This task configures static or dynamic crypto profiles.

SUMMARY STEPS
1. configure
2. crypto ipsec profile name
3. match acl-name transform-set transform-set-name
4. set pfs {group1 | group2 | group5}
5. set type {static | dynamic}
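A crypto profile's match line names a transform set defined in the earlier task, and set pfs picks one of three Diffie-Hellman groups, so both are worth checking before a commit. The script below is an added example, not code from the Cisco guide: it reads the commands as typed, one per line, and reports profiles that reference an undefined transform set or whose PFS group falls below a minimum. The sample names (new, prof-a, acl-a, missing-ts) and the 1536-bit minimum are assumptions.

```python
import re

# Constructed sample input: the page's commands typed one per line. The names
# (new, prof-a, acl-a, missing-ts) are placeholders, not values from the guide.
SAMPLE = """\
crypto ipsec transform-set new
 transform esp-sha-hmac
 mode tunnel
crypto ipsec profile prof-a
 match acl-a transform-set new
 set pfs group1
 set type static
crypto ipsec profile prof-b
 match acl-b transform-set missing-ts
 set type dynamic
"""

# Diffie-Hellman MODP modulus sizes for the three groups the syntax offers.
PFS_BITS = {"group1": 768, "group2": 1024, "group5": 1536}

def audit(config, min_bits=1536):
    """Return (profile, finding) tuples; min_bits is an assumed local policy."""
    defined, profiles, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"crypto ipsec transform-set (\S+)", line):
            defined.add(m.group(1))
            current = None  # no longer inside a profile
        elif m := re.fullmatch(r"crypto ipsec profile (\S+)", line):
            current = profiles.setdefault(m.group(1), {"refs": [], "pfs": None})
        elif current is None:
            continue  # transform-set submode lines are not audited here
        elif m := re.fullmatch(r"match \S+ transform-set (\S+)", line):
            current["refs"].append(m.group(1))
        elif m := re.fullmatch(r"set pfs (group\d+)", line):
            current["pfs"] = m.group(1)
    findings = []
    for name, prof in profiles.items():
        for ref in prof["refs"]:
            if ref not in defined:  # checked after parsing, so order is free
                findings.append((name, f"transform-set {ref} is not defined"))
        if prof["pfs"] is None:
            findings.append((name, "no set pfs line"))
        elif PFS_BITS.get(prof["pfs"], 0) < min_bits:
            findings.append((name, f"pfs {prof['pfs']} is below {min_bits} bits"))
    return findings

if __name__ == "__main__":
    for profile, finding in audit(SAMPLE):
        print(f"{profile}: {finding}")
```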